CVE-2022-1457

Name of the Vulnerable Software and Affected Versions facturascripts versions prior to 2022.04

Description The issue concerns a Store XSS in the title parameter, which executes on the EditUser Page and EditProducto page. This can lead to cross-site scripting attacks, potentially resulting in devastating consequences, including data exfiltration or malware installation on the user's machine. Attackers may also masquerade as authorized users via session cookies, allowing them to perform actions permitted by the user account.

Recommendations For versions prior to 2022.04, update to a version released after 2022.04 to resolve the issue. As a temporary workaround, consider restricting access to the EditUser Page and EditProducto page to minimize the risk of exploitation. Avoid using the title parameter in these pages until the issue is resolved.